Abstract: Embodiment mutual authentication and security agreement (MASA) protocols may use independently generated integrity and/or encryption keys to securely communicate private information exchanged between UEs and various network-side devices (e.g., base stations, MMEs, HSSs, etc.). In particular, embodiment MASA protocols may use an initial authentication request (IAR) encryption key (KIARENC) to encrypt UE specific information (e.g., an IMSI, etc.) in an IAR message and/or an initial authentication response (IAS) encryption key (KIASENC) to encrypt private information in an IAS message. Additionally, embodiment MASA protocols may use an IAR integrity protection key (KIARINT) to verify the integrity of information in an IAR message and/or an IAS integrity protection key (KIASINT) to verify the integrity of information in an IAS message. The KIARENC, KIARINT, KIASENC, and/or KIASINT may be independently computed by the UE and a home subscriber server (HSS).

Abstract: The disclosure relates to technology for provisioning out-of-network user equipment with a network relay in a communications network. The network relay device receives an authentication key request message from user equipment including a user equipment identity and an authentication server identity, and communicates the authentication key request message to an authentication server having the authentication server identity. The network relay device communicates a relay authentication key response received from the authentication server to the user equipment such that a secure communication is established between the user equipment and the network. A relay authentication key is generated during establishment of the secure communication between the user equipment and authentication server, and a session with the user equipment is authenticated using a session key generated by the user equipment based on the relay authentication key.

Abstract: A method for establishing a secure connection between a station and an access point includes transmitting a communications system management message to the station, the communications system management message including an access point nonce. The method also includes receiving a station nonce from the station, and determining a first security key according to the access point nonce and the station nonce. The method further includes securing a connection between the station and the access point using the first security key.

Abstract: Embodiments are provided for enabling identity verification of messages originating from a radio station, such as a Femto cell, to a gateway, such as a Femto gateway. In an embodiment, a radio station establishes a first connection for authentication with a security gateway, sends authentication information on the first connection, and receives in return an Internet Protocol (IP) address assigned to the radio station. The security gateway updates a Domain Name System (DNS) to map between the IP address and a DNS name for the radio station. The radio station also establishes a second connection for control messages with a second gateway, and sends the IP address and an identity of the radio station on the second connection. The mapping between the IP address and the DNS name enables the second gateway to identify messages on the second connection between the radio station and the second gateway.

Abstract: A system and method for recovering from a failure is disclosed. A preferred embodiment comprises downloading a first patch into a base station, installing the first patch, loading the first patch, and validating the first patch. Once the first patch has been validated, a second patch may be downloaded, installed, loaded, and verified. This incremental remediation approach allows for the conservation of resources if the system is non-recoverable, as this will become evident prior to a complete download and install is performed.

Abstract: A system and method for name binding for multiple packet data network access is provided. A method for communications device operation includes attaching to a first packet data network through an access network, thereby creating an access point name, triggering a connection to a second packet data network through the access network, and receiving an acknowledgement to the trigger. The triggering occurs over the access point name, and the acknowledgement comprises an address for the communications device. The address is allocated by a gateway for the second packet data network, and the address is allocated based on a binding generated from an identifier of the communications device, an identifier of the access point name, and a parameter.

Abstract: Embodiments are provided for enabling identity verification of messages originating from a radio station, such as a Femto cell, to a gateway, such as a Femto gateway. In an embodiment, a radio station establishes a first connection for authentication with a security gateway, sends authentication information on the first connection, and receives in return an Internet Protocol (IP) address assigned to the radio station. The security gateway updates a Domain Name System (DNS) to map between the IP address and a DNS name for the radio station. The radio station also establishes a second connection for control messages with a second gateway, and sends the IP address and an identity of the radio station on the second connection. The mapping between the IP address and the DNS name enables the second gateway to identify messages on the second connection between the radio station and the second gateway.

Abstract: A method for establishing a secure connection between a station and an access point includes transmitting a communications system management message to the station, the communications system management message including an access point nonce. The method also includes receiving a station nonce from the station, and determining a first security key according to the access point nonce and the station nonce. The method further includes securing a connection between the station and the access point using the first security key.

Abstract: A system and method for recovering from a failure is disclosed. A preferred embodiment comprises downloading a first patch into a base station, installing the first patch, loading the first patch, and validating the first patch. Once the first patch has been validated, a second patch may be downloaded, installed, loaded, and verified. This incremental remediation approach allows for the conservation of resources if the system is non-recoverable, as this will become evident prior to a complete download and install is performed.

Abstract: A key handshake method in a wireless local area network (LAN) capable of performing authentication between two wirelessly connected stations by exchanging keys once is provided. Because the security key for authentication can be exchanged by one 4-way handshake between an authenticator and a supplicant in a wireless LAN, an authentication delay can be prevented.

Abstract: A system and method for name binding for multiple packet data network access is provided. A method for communications device operation includes attaching to a first packet data network through an access network, thereby creating an access point name, triggering a connection to a second packet data network through the access network, and receiving an acknowledgement to the trigger. The triggering occurs over the access point name, and the acknowledgement comprises an address for the communications device. The address is allocated by a gateway for the second packet data network, and the address is allocated based on a binding generated from an identifier of the communications device, an identifier of the access point name, and a parameter.

Abstract: A photographic light system, imaging device and method for providing different types of photographic light uses a single multifunctional light module to produce the different types of photographic light. The multifunctional light module includes a number of semiconductor light source devices, such as light emitting diodes (LED), which are controlled by a light module controller. The multifunctional light module can be used to produce an autofocus auxiliary light, a red-eye reducing light and a flash of light.

Abstract: A key handshake method in a wireless local area network (LAN) capable of performing authentication between two wirelessly connected stations by exchanging keys once is provided. Because the security key for authentication can be exchanged by one 4-way handshake between an authenticator and a supplicant in a wireless LAN, an authentication delay can be prevented.

Abstract: In the method, a value of a first cryptosync for a communication session is derived based on a value of a second cryptosync. The second cryptosync has a longer life than the first cryptosync.

Abstract: A system and method uses a common key provided to a first wireless unit and a second wireless unit to use in secure communications between the first and second wireless units over at least one wireless communications system. By providing a common key to the first and second wireless units, the common key security system alleviates the at least one wireless communications system from having to perform the security methods used to provide secure communications between the first and second wireless units. For example, the encryption/decryption of the communications between the first wireless unit and the second wireless unit can be performed at the first and second wireless units using the common key. In certain embodiments, the first and second wireless units and the serving wireless communications system(s) still perform authentication and obtain keys CK1 and CK2 as described above.

Abstract: An encryption key generation system generates encryption keys at both an originating terminal and a terminating terminal of a wireless network. A central controller generates a shared secret based on the identification information of a requesting terminal and a first number, which may be random. The central controller broadcasts the first number to all terminals. A second number is generated by the central controller incorporating the shared secret data and the terminating terminal's identification information. The requesting terminal generates the shared secret data using the first number and predetermined algorithms and generates an encryption key based on the first number and the shared secret data. The terminating terminal decodes the shared secret data from the second number, and generates the same encryption key using the first number and the shared secret data.